Advocates whitelists and other tools that ‘genuinely help’ security

Kiwicon Google senior security engineer Darren Bilby has asked fellow hackers to expend less effort on tools like antivirus and intrusion detection to instead research more meaningful defences such as whitelisting applications.

The incident responder from Google’s Sydney office, who is charged with researching very advanced attacks including the 2009 Operation Aurora campaign, decried many existing tools as ineffective “magic” that engineers are forced to install for the sake of compliance but at the expense of real security.

“Please no more magic,” he told the Kiwicon hacking conference in Wellington, New Zealand today.

“We need to stop investing in those things we have shown do not work.”

“And sure you are going to have to spend some time on things like intrusion detection systems because that’s what the industry has decided is the plan, but allocate some time to working on things that actually genuinely help.”

“Antivirus does some useful things, but in reality it is more like a canary in the coal mine. It is worse than that. It’s like we are standing around the dead canary saying ‘Thank god it inhaled all the poisonous gas’,” he said.

The Google hacker also argued that networks are not a security defence because users are so easily able to use mobile networks to upload data to cloud services, bypassing all traditional defences.

Advice on safe internet use is “horrible”, he added. Telling users not to click on phishing links and to download strange executables effectively shifts blame to them and away from those who manufactured hardware and software that is not secure enough to be used online.

“We are giving people systems that are not safe for the internet and we are blaming the user.”

Referring to the 314 remote code execution holes disclosed in Adobe Flash last year alone, he compared the strategy to patch those holes to a car yard which sells vehicles that catch on fire every other week. ®

Yes this is exactly what I am talking about! Make efficient protection by secret recognizing algorithms too that would prevent disclosure of information autonomously instead of relying on outdated technology and believing in pattern based antivirus products.
Next mission: make cyber security technology vendors take the new course.
Sub mission: give more space for AI to grow, and understand security that would eventually make it develop into becoming the second line of defense.